Future changes to Facebook privacy settings to be opt-in

The Federal Trade Commission has accepted a final settlement with Facebook, initially proposed last year, which requires that all future changes to privacy settings on the social network be made opt-in. Further, the company must undergo biennial privacy audits for the next 20 years from an independent third party.

Since 2009, Facebook has been under investigation by federal authorities and American senators in the wake of a series of incidents involving the sudden change of users' privacy settings, most notably Facebook Beacon, which shut down that same year.

On Friday, FTC commissioners voted 3-1-1 (including one abstention) and said that they would be keeping a close eye on the company.

“Notably, Facebook will be subject to civil penalties of up to $16,000 for each violation of the order,” the commission wrote in a statement. “We intend to monitor closely Facebook’s compliance with the order and will not hesitate to seek civil penalties for any violations.”

In November 2011, in response to the proposed settlement, Facebook’s founder, Mark Zuckerberg wrote that while his company had made mistakes with respect to privacy, that it was resolved to improve.

"I'm the first to admit that we've made a bunch of mistakes," Zuckerberg said via the company's blog. "In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done.

"But we can also always do better. I'm committed to making Facebook the leader in transparency and control around privacy," Zuckerberg added.

Facebook did not respond immediately to requests for comment regarding the new settlement.

Mark Rotenberg, the head of the Electronic Privacy Information Center (EPIC), which was one of the groups that originally brought a complaint against Facebook to the FTC back in 2009, wrote to Ars to say he was "generally pleased" with the new settlement.

"Though we believe the FTC could have strengthened the final terms," he added. "Most significantly, the FTC should have required Facebook to restore the original settings of its users."

I deleted my account over 3 years ago when the Privacy shenanigans were clearly becoming the M.O. for the company, and I've never looked back. I spend time focusing on things that actually interest me rather than trite conversations with people I used to know [who I have little interest in continuing to communicate with]. People I know well, I communicate with via other, more traditional means.

Wait, people have some kind of expectation of privacy of the info they give Facebook? Really?

As far as Facebook and it's Privacy efforts, well, I follow the Frey Principle: Have no expectations, and you can't be disappointed.

I don't think they have an expectation of privacy, but after they go and tell Facebook how they want their privacy to be respected, I don't think it is unreasonable to expect that they won't just ignore that when they come out with "new privacy".

Of course they don't respect any of their users, and for that reason I don't have a Facebook account.

I deleted my account over 3 years ago when the Privacy shenanigans were clearly becoming the M.O. for the company, and I've never looked back. I spend time focusing on things that actually interest me rather than trite conversations with people I used to know [who I have little interest in continuing to communicate with]. People I know well, I communicate with via other, more traditional means.

"we've made a bunch of mistakes" sounds like a naughty school kid who got slapped and was made to apologise. The language doesn't come across as Zuckerberg neither meaning it nor actually being sorry for it.

I think its good to hold internet companies to higher standards of privacy. Facebook may be dispensable, but what if Google or Microsoft started playing fast and loose with privacy? You'd all be up in arms and breaking down their front doors. Facebook shouldn't be allowed to get away with this just because it's a social network. Especially not since it is a social network.

Over the past few years I've pulled almost all of my profile data from Facebook (I used to have a fair amount) and I certainly don't use all of it's "features" thanks to articles like this. My default stance is to NOT trust Facebook anymore, good job guys!

I think its good to hold internet companies to higher standards of privacy. Facebook may be dispensable, but what if Google or Microsoft started playing fast and loose with privacy? You'd all be up in arms and breaking down their front doors. Facebook shouldn't be allowed to get away with this just because it's a social network. Especially not since it is a social network.

This ruling doesn't apply to any entity aside from Facebook.

It does provide some precedent for future rulings against companies, but it can't really address the root problem: legally speaking corporations, as people, have no right to your PII and shouldn't be able to use your PII for any purpose without your express written consent. An interesting but often unexamined side-effect of the "corporations are people" finding. I'm still waiting for the first class-action lawsuit that points this out.

If you really want something kept private, it shouldn't go on the internet. Click upload... there it goes, no getting it back.

Of course, realistically, it's hard to do that a lot of times. You might want to share with some people but not everyone, or not have it scooped up into advertising's gaping maw. For times like that, this is a good thing. Quite late, but it's a start.

Corporations should be required to make all changes opt-in, especially those involving your information. Because, since it's so great, they can just put a notice for their users and they'll click "Yes! I want that!", right? Corps want them to know the great changes they're making, right? Right??

Most Facebook privacy issues have seemed relatively minor to me, but I have a *huge* problem with the new "Seen by" feature for Groups, that tells everyone who has seen each posting and when.

It was bad enough that I couldn't opt out of having my activity displayed on the "Ticker", but at least that restricted the ability to stalk my online activity to my friends. Letting all the strangers within any group I'm a part of know when I'm online and what I'm doing... that totally crosses the line for me